How to restrict write access to C: root?

[22nampcar]

I come from a linux background, where users by default have write access only in their home directories. In the Windows 7 default setup, however, I can create folders at will in the root of the C drive. Is there a way to restrict write access to the root directory?

 

[logicearth]

Don't give users/applications administrative access. By that means you turn on UAC (full) or create a new user account that is standard. And only use your administrator account (the first account created) for when you need administrative power. Without administrative power, the user directory is the only place where a user has full control.

 

[unifex]

In addition, I should mention that in Windows C:\ is not the system root. Many computers have only one hard drive and often there is only one partition - definitely the case with old computers. Then users should be able to create their own data folders. I would be very annoyed if I were restricted to the standard "My Documents" folder for doing this. In fact, I never put any of my own data there at all. But since creating a folder C:\junk does not in any way interfere with anything, I see no reason why this should not be allowed.

However, if you are managing a computer with multiple users and want to restrict their privileges, then follow logicearth's advice and create standard accounts for them.

 

[22nampcar]

Thanks to both replies. However, I should have mentioned in my original post that I'm operating as a standard user. In some directories like Program Files or Windows, I need to authenticate in order to create new subdirectories. In fact, there is a shield icon next to the 'New Folder" button when I right-click. But in C:\ itself I get no such prompt. How would I secure C:\ from standard users?

@unifex: Is C:\Windows the system root?

 

[logicearth]

What I am about to show you is very sensitive, only remove what I have highlighted. Removing anything else can have very negative effects on your computer. Below I have attached an image of where you need to go and which permission you need to remove. When you hit "Ok", you will get a few error dialogs, click continue. (They are not affected but Windows will attempt update there inherited permissions just in case.)

Unless you know exactly what you are doing, messing with the ACLs is not a game. Doing the wrong thing can make things a PITA very quickly.

 

[22nampcar]

Oh wow, thanks! I should learn more about ACLs in Win7.

 

[Packet]

was this an upgrade install?
or do you have uac turned off?

by default, on a new format/install, you cant write to C: even as an admin without uac popping up

 

[logicearth]

was this an upgrade install?
or do you have uac turned off?

by default, on a new format/install, you cant write to C: even as an admin without uac popping up

The specific permission I pointed out in the above image gives users the ability to create folders, then that user can create files in that folder. files cannot be written to the root of the C: drive without administrative power.

 

[Packet]

now i'm intrigued - thank you. i'll check this out tonight

 

[Packet]

amazing. i can create a folder by default in c:\ but not write a file without uac popping up.

intriguing... most intriguing